A training tool displaying some techniques for secure web app development
sectrain is a program to illustrate some of the security issues common in applications such as XSS and buffer overflows along with how to stop them. Currently this shows example in PHP and
The simplest way to install sectrain is to use the snap
sudo snap install sectrain
Open your browser to your host on port 1984, then browse choose the secure or insecure links. Try an exploit such as :
You will see how sanitizing the input/output helps solve these issues.
Python Buffer Overflows
There are two examples to look at, pybuffgood and pybuffbad, sending in too long of a string breaks it. Simple, but still a good way to illustrate the point.
For versions of Ubuntu between 14.04 LTS (Trusty Tahr) and 15.10 (Wily Werewolf), as well as Ubuntu flavours that don’t include snap by default, snap can be installed from the Ubuntu Software Centre by searching for snapd.
Alternatively, snapd can be installed from the command line:
sudo apt update
sudo apt install snapd
Either log out and back in again, or restart your system, to ensure snap’s paths are updated correctly.
To install sectrain, simply use the following command: